September 9, 2015 By Douglas Bonderud

While the Google Play store never garnered the App Store’s reputation for security, Google Bouncer has evolved to the point where most apps up for sale are both clean and legitimate. According to SecurityWatch, however, a new malware variant is taking the fun out of downloading new applications: Infected apps carrying Android.Trojan.MKero.A have been spotted in the store and now come with the ability to avoid CAPTCHA security measures and launch a concealed subscription service. How do users stay safe?

CAPTCHA Conundrum

Sure, CAPTCHA isn’t perfect, but there’s a lot to recommend about the process since it screens out virtually any automated process trying to cross secure barriers. It’s also simply not worth attackers’ time to develop a code-based solution to replicate human image recognition. As noted by the SecurityWatch piece, however, it’s absolutely worth their time to leverage services like Antigate.com, which relies on users to recognize the characters in CAPTCHA images and send back the results. With that service packaged along with Android.Trojan.MKero.A, malicious actors can approve subscription-based SMS services on victims’ phones and start running up the charges; Bitdefender estimated that total financial losses could reach $250,000.

Of course, getting this malware onto phones means getting it into the Google Play store. Security experts still aren’t sure about the exact transport mechanism but speculate that code sophistication has now increased to the point where Bouncer is unable to tell the difference between legitimate offerings and aggressive Trojans. So far, apps that carry this Trojan have been downloaded hundreds of thousands of times. Worse still, they run completely silent on Android phones, meaning users won’t know they’ve been compromised until big bills start piling up.

No Safe Harbor for Google Play

With malware now sneaking into legitimate app stores, users can no longer rely on manufacturer-gated content to ensure safety. Bitdefender recommended running some type of mobile security solution to identify and report malicious apps, SecurityWatch reported. The problem here is tracking down the right service since some of these so-called security apps are actually malware in disguise or so poorly made that users are better off with no protection whatsoever.

Tech Republic recommended rebooting Android devices in Safe Mode if it becomes clear they’ve been compromised. This is easy: Just hold down the power button, select “Reboot to Safe Mode” and all third-party apps will be disabled, allowing users to purge them from the device.

As noted by Forbes, chipmakers like Qualcomm are also looking at ways to help safeguard devices with the new Snapdragon Smart Protect. Users running a Snapdragon processor get the benefit of active protection, which monitors app behavior and reports any suspicious events — for example, if a user’s screen is turned off but an app is trying to send an SMS message. This could be a sign of malicious activity, and the phone will wake and alert the user.

With Google Play no longer a safe harbor for app purchases, users need to take matters into their own hands. This could mean installing third-party protection apps, rebooting in safe mode or upgrading to a new processor with the hope that on-chip defenses will make up for CAPTCHA-cheating crooks.
